Privacy Policy

What We Collect

When you create an account, we store:

• Email address — used as your login identifier.
• Password — stored as a salted, one-way hash (PBKDF2-SHA256). We cannot see or recover your password.

When you connect your services, we store:

• Shopify access token — granted via OAuth. We only request read-only access to customers, products, orders, and inventory, plus write access to inventory levels.
• Odoo URL, database, and login — saved to pre-fill your settings on return visits.
• Odoo password / API key — never stored in our database. It is held only in your encrypted browser session for the duration of your visit and discarded after sync.

What We Don’t Collect

• Payment information — all payments are processed by Stripe. We never see, handle, or store your card number, CVV, or billing details.
• Your business data — customer records, product catalogs, and order data are streamed directly between Shopify and Odoo during sync. We do not store, log, or retain any of your business data on our servers.
• Analytics or tracking — we do not use cookies for advertising, analytics services, or any third-party tracking.

How Your Data Is Used

Your credentials are used exclusively to:

• Authenticate with Shopify and Odoo on your behalf during a sync.
• Pre-fill connection fields so you don’t have to re-enter them each time.

We do not share, sell, or provide your data to any third party. Your credentials are never used outside of your explicit sync requests.

Data Storage & Security

• All data is stored in an encrypted-at-rest database on our server.
• All connections to our site use HTTPS/TLS encryption.
• Passwords are hashed with PBKDF2-SHA256 using a unique random salt per account.
• Shopify access is granted via OAuth — we never ask for or store your Shopify password.
• Each Stripe payment session can only be used once, preventing replay attacks.

Data Retention

• Account data — retained as long as your account is active.
• Sync history — we log the date, status, and record count of each sync. No business data is included in these logs.
• Deletion — contact us to request full deletion of your account and all associated data.

Shopify Permissions

We request the minimum Shopify access scopes required for sync:

• read_customers — to sync customer records to Odoo.
• read_products — to sync product catalogs to Odoo.
• read_orders — to sync orders to Odoo.
• read_inventory, write_inventory, read_locations — to sync inventory levels from Odoo back to Shopify.

You can revoke access at any time from your Shopify admin under Settings → Apps.

Third-Party Services

• Stripe — payment processing. Subject to Stripe’s Privacy Policy.
• Shopify — store data access via OAuth. Subject to Shopify’s Privacy Policy.

Contact

For questions about this policy or to request data deletion, email nkosinski@ordinconsulting.com.